How to restrict one user from one IP
This is a discussion on How to restrict one user from one IP within the PHP Language forums, part of the PHP Programming Forums category; I want to allow only one account currently logged in from one IP. Sometimes user open two or three accounts ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-26-2008
|
|||
|
|||
How to restrict one user from one IP
I want to allow only one account currently logged in from one IP.
Sometimes user open two or three accounts from one IP. Is there any way to stop that? I m thinking of getting IP and storing it in session variables and making a check but not clear about the whole process. Regards Rahi 
|
|
02-26-2008
|
|||
|
|||
|
Re: How to restrict one user from one IP
rahismailbox@gmail.com wrote:
> I want to allow only one account currently logged in from one IP. > Sometimes user open two or three accounts from one IP. > Is there any way to stop that? > > I m thinking of getting IP and storing it in session variables and > making a check but not clear about the whole process. > > Regards > Rahi > You can't do it reliably. Many medium and large companies have a proxy that all computers on their network use, so externally, all of their computers will have the same IP address. But worse, many large companies and ISP's (such as AOL) use multiple proxies, and a request can come from any of the proxies. That means every request may come from a different IP address. And even if neither of the above is true, dynamic addressing means a user can get a different IP address when his current lease expires. -- ================== Remove the "x" from my email address Jerry Stuckle JDS Computer Training Corp. jstucklex@attglobal.net ==================
|
|
02-26-2008
|
|||
|
|||
|
Re: How to restrict one user from one IP
rahismailbox@gmail.com wrote:
> I want to allow only one account currently logged in from one IP. > Sometimes user open two or three accounts from one IP. > Is there any way to stop that? > > I m thinking of getting IP and storing it in session variables and > making a check but not clear about the whole process. $_SESSION -- Freundliche Grüße, Franz Marksteiner
|
|
02-26-2008
|
|||
|
|||
|
Re: How to restrict one user from one IP
On Tue, 26 Feb 2008 07:51:55 +0100, rahismailbox@gmail.com
<rahismailbox@gmail.com> wrote: > I want to allow only one account currently logged in from one IP. > Sometimes user open two or three accounts from one IP. > Is there any way to stop that? > > I m thinking of getting IP and storing it in session variables and > making a check but not clear about the whole process. Rather then restrict it by ip, I use tables to store a session: table sessions: session-id (primary key, session-id from PHP) user-id (from the users table or null) values (default serialized session data) table user: id name etc... On a login attempt, a user can identify himself, which will mean his user-id gets coupled to the session, all other session(s) having that user-id will have their user-id set to null (effectively logged out). The user-id is 'manualy' (i.e. with PHP code querying the database) overwritten in the $_SESSION array. The advantage is that a user can be logged in with only one session-id, regardless of changing/static ip addresses (several users from one, or one hopping addresses is no trouble), the disadvantage could be that one user which deploys different UA's which don't share their cookies (MSIE & FF for instance), he can't stay logged in in both UA's. -- Rik Wasmus
|
|
02-26-2008
|
|||
|
|||
|
Re: How to restrict one user from one IP
On Feb 26, 1:51 am, "rahismail...@gmail.com" <rahismail...@gmail.com>
wrote: > I want to allow only one account currently logged in from one IP. > Sometimes user open two or three accounts from one IP. > Is there any way to stop that? > > I m thinking of getting IP and storing it in session variables and > making a check but not clear about the whole process. > > Regards > Rahi $_SESSION wont help with this on it's own as two computers would have separate SESSION_IDs you would have to store IP addresses with SESSION_ID in a database or something then you'd have to search the db for that IP on every page access, and if the SESSION_ID doesn't match... handle it... but the problems with this have been highlighted and if it's something like someone flooding your site, throttle Login actions to y attempts every x seconds
|
|
02-26-2008
|
|||
|
|||
|
Re: How to restrict one user from one IP
rahismailbox@gmail.com wrote: > I want to allow only one account currently logged in from one IP. > Sometimes user open two or three accounts from one IP. > Is there any way to stop that? > > I m thinking of getting IP and storing it in session variables and > making a check but not clear about the whole process. > > Regards > Rahi Search the archives, you will find the answer! Do not ask the question which were answered!..
|
Linear Mode
